13 matches found

CNVD
added 2025/12/22 12:0 a.m., 1 views

WordPress Freshchat plugin cross-site request forgery vulnerability

WordPress Freshchat plugin is a tool for integrating live chat functionality on WordPress websites, mainly providing customer support and user interaction features. The WordPress Freshchat plugin suffers from a cross-site request forgery vulnerability that originates from a web application that...

CVSS 4.3, AI score 6.8, EPSS 0.00015
Exploits 0, References 1
RedhatCVE
added 2025/12/18 1:52 a.m., 2 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

CVSS 8.4, AI score 6.6, EPSS 0.00015
Exploits 0, References 1
NVD
added 2025/12/17 10:16 p.m., 1 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

CVSS 8.4, EPSS 0.00015
Exploits 0, References 1
Vulnrichment
added 2025/12/17 12:0 a.m., 1 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

AI score 6.3, EPSS 0.00015
Exploits 0, References 1
CVE
added 2025/12/17 12:0 a.m., 5 views

CVE-2025-67794

CVE-2025-67794 affects DriveLock agents (versions 24.1–24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6). The root cause is overly permissive ACLs on directories and files created by the agent, enabling local users without administrator rights to trigger actions or destabilize the agent. Multip...

CVSS 8.4, AI score 6.3, EPSS 0.00015
Exploits 0, References 1, Affected Software 1
CNVD
added 2025/10/21 12:0 a.m., 2 views

WordPress Ally plugin stack buffer overflow vulnerability

WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve website accessibility and to help users simplify the website accessibility process. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...

CVSS 4.3, AI score 7.2, EPSS 0.00019
Exploits 0, References 1
OSV
added 2025/06/26 10:15 a.m., 0 views

AZL-64337 CVE-2024-11584 affecting package cloud-init for versions less than 24.3.1-2

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

CVSS 5.9, AI score 5.8, EPSS 0.001
Exploits 0, References 1
OSV
added 2025/04/15 10:15 p.m., 0 views

CVE-2025-31360

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users...

CVSS 7.5, AI score 5.9, EPSS 0.00529
Exploits 0, References 1
OSV
added 2021/12/14 12:15 p.m., 0 views

CVE-2021-44524

A vulnerability has been identified in SiPass integrated V2.76 All versions, SiPass integrated V2.80 All versions, SiPass integrated V2.85 All versions, Siveillance Identity V1.5 All versions, Siveillance Identity V1.6 All versions V1.6.284.0. Affected applications insufficiently limit the access...

CVSS 9.8, AI score 7.3
Exploits 0, References 2
OSV
added 2021/08/05 8:15 p.m., 0 views

CVE-2021-23849

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while bei...

CVSS 8.8, AI score 7.3
Exploits 0, References 1
CNNVD
added 2021/08/05 12:0 a.m., 1 views

Bosch IP cameras cross-site request forgery vulnerability

Bosch IP cameras are web cameras from the German company Bosch. A security vulnerability exists in the web-based interface of Bosch IP cameras that allows an unauthenticated, remote attacker to trigger an action on behalf of another user on the affected system...

CVSS 8.8, AI score 8, EPSS 0.00181
Exploits 0, References 2
Prion
added 2021/05/24 3:15 p.m., 14 views

Code injection

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected...

CVSS 5.8, AI score 7.6, EPSS 0.00241
Exploits 0, References 2, Affected Software 1
OSV
added 2018/10/10 5:29 p.m., 1 views

CVE-2018-13800

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 All versions V4.2.3. The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a...

CVSS 7.3, AI score 5.7, EPSS 0.00181
Exploits 0, References 2